Free Microsoft Tool Tests Corporate Apps for Vista Compatibility

Microsoft has released a tool to help IT shops and developers determine if changes are needed to users’ applications in order to run under Windows Vista.

The Standard User Analyzer version 1.0 is designed to aid developers and IT professionals in diagnosing issues that would prevent a program from running properly without administrator privileges. With Vista’s User Account Protection (also referred to as User Account Control or UAC), even administrators run most programs with standard user privileges by default. That means that applications can no longer have administrator access, and therefore applications that require those privileges will not run under Vista without changes.

The Standard User Analyzer is designed to be run on the developer or tester’s workstation to test and troubleshoot a specific application. Microsoft says that the tool can identify a range of administrator dependencies, including file and registry access, INI files, and security privileges, as well as token and name space issues.

According to documents on Microsoft’s site, the Standard User Analyzer is designed to complement Microsoft’s Application Compatibility Toolkit (ACT) 5.0, which will include a UAC agent that can be deployed to users’ desktops to identify applications that require administer privileges. Issues identified with the Standard User Analyzer can also be entered into the ACT 5.0 database so that application compatibility can be tracked across environments.

UAC is a major new security feature in Vista. It modifies the way users are provided access for making system changes. In previous Windows releases, performing IT-related tasks such as installing programs, device drivers and the like required administrator privileges. Additionally, many existing applications require that they run in administrator-level security. Those applications may not continue to function under Vista without changes, which the tool is meant to help identify.

In UAC, a user has a basic set of "standard" low-level rights and privileges. Since many malware attack vectors exploit security holes that allow them to take on the current user’s or application’s security level, the standard mode provides only the privileges needed to perform basic tasks. Since the user in standard mode doesn’t have the rights to perform administrative tasks, a successful attack that took control of the user’s account would only let the attacker perform a limited set of actions.

Likewise, applications are no longer allowed to run at administrator-level, so many custom corporate applications may need to be modified to run under the new model. Thus, Microsoft has asked third-party developers and IT organizations to check their applications and make changes necessary to enable them to run. The Standard User Analyzer is meant to help identify which applications have problems running under UAC.